Hi Robert,

I won't be able to look into this in detail until Thursday or Friday at
the earliest, but for right now, I'm copying the GnuTLS maintainers in
case they can shed any light.

Comments below...

On Tue, Oct 27, 2015 at 09:03:48PM +0000, Robert McQueen wrote:
> Since upgrading to Jessie I ran into a bug in the SOGo groupware where
> it goes into an infinite loop after connecting to my LDAP server over
> TLS.
>
> This bug doesn't happen if I downgrade libldap to 2.4.31-2, or if you
> configure SOGo to connect to LDAP without TLS, which are both detailed
> on the upstream bug:
> http://www.sogo.nu/bugs/view.php?id=3211
>
> Inverse (upstream developers of SOGo groupware) have investigated and
> found that it seems like initialising TLS in LDAP is closing an
> unrelated file descriptor used internally for SOGo's event handling:
> http://www.sogo.nu/bugs/view.php?id=3211#c9021

Indeed. The top of the trace is very interesting:

#0 close () at ../sysdeps/unix/syscall-template.S:81
#1 0x00007ffff3e70ee3 in ?? () from /usr/lib/x86_64-linux-gnu/libgnutls-deb0.so.28
#2 0x00007ffff3e70f06 in ?? () from /usr/lib/x86_64-linux-gnu/libgnutls-deb0.so.28
#3 0x00007ffff3dd0c56 in ?? () from /usr/lib/x86_64-linux-gnu/libgnutls-deb0.so.28
#4 0x00007ffff3de1d4f in gnutls_global_set_mutex () from /usr/lib/x86_64-linux-gnu/libgnutls-deb0.so.28
#5 0x00007ffff3735c06 in tls_init (impl=0x7ffff394e420 <ldap_int_tls_impl>) at tls2.c:170

Can you please generate that trace again with libgnutls28-dbg installed,
so that we can see more details?

> Seeing as downgrading libldap seems to fix the bug it suggests a
> regression or side-effect from some changes between Wheezy and Jessie.
>
> I'm not sure what the best next step is - I wonder if Ludovic (CC'd)
> or someone at Inverse would be able to create a standalone
> test/reproduction program so somebody could bisect and find a libldap
> change that exposes the bug, or if someone familiar with the code
> could review changes to the TLS code in libldap to see what has
> changed from 2.4.31 to 2.4.40 that might explain it?

thanks,
Ryan